Ben Reser wrote on Fri, Jan 16, 2015 at 14:09:45 -0800: > On 1/16/15 11:52 AM, C. Michael Pilato wrote: > > As for log levels, is there any reason to log the implicit read attempts > > at a level higher than "debug"? I have no opinion about the log level > > for the explicit ones. > > I can see some people possibly wanting this information for auditing purposes. > There may be organizations that have to prove their access rules work and it > can such logging could be useful for that. But I agree that it should be > limited to elevated logging levels.
It would be nice if the the logged message should be different in that case, too. That is: there should be some indication, besides the different log level, that the subrequest-generated log event is "normal". That is, we don't want this: [debug] Access denied: /private [error] Access denied: /private But this: [debug] Hiding directory '/private' (Access denied) [error] Access denied: /private (Or some other log level instead of "debug" — I haven't thought about what log level would be appropriate.) Daniel
